Marriott wifi blocking

[nick at flhsi.com (Nick Olsen)]

Not sure the specific implementation. But I've heard of Rouge AP detection 
done in two ways.
  
 1. Associate to the "Rouge" ap. Send a packet, See if it appears on your 
network, Shut the port off it appeared from. I think this is the cisco way? 
Not sure. This is automated of course. This method wouldn't work in this 
case. Because it wasn't connected to the hotels network
  
 2. Your AP's detect the "Rouge" AP, They slam out a ton of "Deauth's" 
directed at the clients, As if they are the AP. Effectively telling the 
client to "disconnect".
  
 Side question for those smarter than I. How does WPA encryption play into 
this? Would a client associated to a WPA2 AP take a non-encrypted deauth 
appearing from the same BSSID?
  
 Nick Olsen
Network Operations  (855) FLSPEED  x106

  

----------------------------------------
 From: "David Hubbard" <dhubbard at dino.hostasaurus.com>
Sent: Friday, October 03, 2014 4:11 PM
To: "NANOG" <nanog at nanog.org>
Subject: Marriott wifi blocking   
Saw this article:

http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/

The interesting part:

'A federal investigation of the Gaylord Opryland Resort and
Convention Center in Nashville found that Marriott employees
had used "containment features of a Wi-Fi monitoring system"
at the hotel to prevent people from accessing their own
personal Wi-Fi networks.'

I'm aware of how the illegal wifi blocking devices work, but
any idea what legal hardware they were using to effectively
keep their own wifi available but render everyone else's
inaccessible?

David